A conversation with Andrew Coyne, CISO of Mayo Clinic, on cybersecurity and healthcare in 2022.
• With the migration to the cloud, as well as multi-cloud, how are you managing your legacy systems, decommissioning where appropriate, as well as rationalizing for consistency going forward? How does security enter into the IT decisions? With clinical and non-clinical devices, as well as IoT, how do you look at security and cybersecurity “outside” of IT infrastructure?
• More and more aspects of the healthcare ecosystem are “going digital” and at the same time, they are harnessing the power of the cloud. What are the best practices for securing the cloud and having a robust risk posture?
• At the same time as healthcare is “going digital,” more and more components of the care continuum include other providers, other facilities, outpatient, and even home care. How do you manage cybersecurity against this larger threat footprint?
• How do regulatory and compliance issues like HIPAA and HITRUST impact your cybersecurity decision framework?
• How has the threat landscape changed in the last year, in light of SolarWinds, the Log4j vulnerability, and the more visible ransomware attacks on Broward County and others? How do you see ransomware evolving? How do industry and regulatory organizations proactively engage and work together to address this issue and provide incident intelligence?
• With more workforces going remote during our response to COVID-19, how does this new hybrid work-from-anywhere model change the nature of the threat perimeter?
• How does Zero Trust enter into the security equation? How do you manage that security for physicians, as well as patients?
• What are the core third-party risks to be managed in the year ahead, and beyond?